METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL
    2.
    发明申请
    METHOD AND SYSTEM FOR NETWORK ACCESS CONTROL 有权
    网络访问控制的方法和系统

    公开(公告)号:US20130205374A1

    公开(公告)日:2013-08-08

    申请号:US13879136

    申请日:2011-03-15

    IPC分类号: H04L29/06

    CPC分类号: H04L63/08

    摘要: A method and a system for network access control are provided, which are based on cipher code mechanism. After a visitor has raised an access request, an access controller in the destination network processes the access request and initiates an authentication request on the visitor identity to an authentication server through the visitor. The access controller in the destination network accomplishes the authentication on the visitor identity according to the public authentication result of the authentication server transferred by the visitor, and performs according to the authorization policy the authorization management on the successfully authenticated visitor. The present invention solves the problem of incapableness of performing the access control when the access controller can not directly use the authentication service provided by the authentication server. The present invention can sufficiently satisfy the real application requirements of access control on visitor.

    摘要翻译: 提供了一种基于密码机制的网络访问控制方法和系统。 在访问者提出访问请求之后,目的地网络中的访问控制器处理访问请求,并通过访问者向认证服务器发起对访问者身份的认证请求。 目的地网络中的接入控制器根据访问者转发的认证服务器的公共认证结果对访客身份进行认证,并根据认证策略对成功认证的访问者进行授权管理。 本发明解决了当访问控制器不能直接使用认证服务器提供的认证服务时执行访问控制的不适用性的问题。 本发明可以充分满足访客访问控制的实际应用需求。

    Method and system for switching station in centralized WLAN when WPI is performed by access controller
    3.
    发明授权
    Method and system for switching station in centralized WLAN when WPI is performed by access controller 有权
    WPI由接入控制器执行时,集中式WLAN切换站的方法和系统

    公开(公告)号:US08819778B2

    公开(公告)日:2014-08-26

    申请号:US13320469

    申请日:2009-12-07

    IPC分类号: H04L29/06 H04W12/06

    摘要: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

    摘要翻译: 本发明的实施例涉及一种当WLAN隐私基础设施(WPI)由接入控制器(AC)执行时,在集中式无线局域网(WLAN)中切换台站的方法和系统。 该方法包括:步骤1:站通过目的无线终端(WTP)与AC重新关联; 步骤2:AC通知相关的WTP删除站; 步骤3:AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议(CAPWAP)控制消息的控制和提供,实现了加入站和删除站之间的AC和WTP的操作。 因此,本发明可以在同一AC下的WTP之间快速,安全地实现站切换。

    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK
    4.
    发明申请
    SECURITY ACCESS CONTROL METHOD AND SYSTEM FOR WIRED LOCAL AREA NETWORK 有权
    用于有线局域网的安全访问控制方法和系统

    公开(公告)号:US20120151554A1

    公开(公告)日:2012-06-14

    申请号:US13391051

    申请日:2009-12-23

    IPC分类号: H04L29/06

    摘要: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    摘要翻译: 本发明涉及有线局域网的安全访问控制方法和系统,该方法包括以下步骤:1)请求者(REQ)与认证接入控制器(AAC)协商安全策略; 2)请求者(REQ)和认证访问控制器(AAC)认证身份; 3)请求者(REQ)与认证接入控制器(AAC)协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络,电信网络等各种网络架构; 可扩展性好,支持多种认证方式; 支持不同安全级别的认证协议,满足各种用户的要求; 协议的子模块是独立的,灵活的,易于被接受或拒绝。

    METHOD AND SYSTEM FOR SWITCHING STATION IN CENTRALIZED WLAN WHEN WPI IS PERFORMED BY ACCESS CONTROLLER
    5.
    发明申请
    METHOD AND SYSTEM FOR SWITCHING STATION IN CENTRALIZED WLAN WHEN WPI IS PERFORMED BY ACCESS CONTROLLER 有权
    用于在WPI由访问控制器执行的中央WLAN中切换站的方法和系统

    公开(公告)号:US20120054831A1

    公开(公告)日:2012-03-01

    申请号:US13320469

    申请日:2009-12-07

    IPC分类号: H04W12/06 H04W48/00 H04W72/04

    摘要: The embodiment of the present invention relates to a method and a system for switching station in centralized wireless local area network (WLAN) when the WLAN privacy infrastructure (WPI) is performed by an access controller (AC). The method includes: step 1: the station re-associates with the AC through the destination wireless terminal point (WTP); step 2: the AC informs the associated WTP to delete the station; step 3: the AC informs the destination WTP to join the station. The invention implements the operation of joining station and deleting station between the AC and the WTP based on the control and provisioning of wireless access points protocol (CAPWAP) control message during the process of switching station. Therefore, the invention can quickly and safely implement the station switching among the WTPs under the same AC.

    摘要翻译: 本发明的实施例涉及一种当WLAN隐私基础设施(WPI)由接入控制器(AC)执行时,在集中式无线局域网(WLAN)中切换台站的方法和系统。 该方法包括:步骤1:站通过目的无线终端(WTP)与AC重新关联; 步骤2:AC通知相关的WTP删除站; 步骤3:AC通知目的地WTP加入车站。 本发明基于在交换台处理过程中的无线接入点协议(CAPWAP)控制消息的控制和提供,实现了加入站和删除站之间的AC和WTP的操作。 因此,本发明可以在同一AC下的WTP之间快速,安全地实现站切换。

    Method for implementing a convergent wireless local area network (WLAN) authentication and privacy infrastructure (WAPI) network architecture in a local MAC mode
    6.
    发明授权
    Method for implementing a convergent wireless local area network (WLAN) authentication and privacy infrastructure (WAPI) network architecture in a local MAC mode 有权
    在本地MAC模式下实现融合无线局域网(WLAN)认证和隐私基础设施(WAPI)网络架构的方法

    公开(公告)号:US09015331B2

    公开(公告)日:2015-04-21

    申请号:US13203646

    申请日:2009-12-14

    摘要: A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between Station (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI.

    摘要翻译: 提供了一种在本地媒体访问控制(MAC)模式下实现融合无线局域网(WLAN)认证和隐私基础设施(WLAN)网络架构的方法,包括以下步骤:接入点的MAC功能和WAPI功能 AP)分为无线终端点(WTP)和接入控制器(AC)之间,构成本地MAC模式; WAPI协议和融合WLAN网络架构的融合在本地MAC模式下实现; 执行站(STA),WTP和AC之间的关联和连接的过程; 执行在AC和WTP之间通知WLAN认证基础设施(WAI)协议的开始的过程; 执行STA和AC之间的WAI协议的执行过程; 执行在AC和WTP之间通知WAI协议的执行结束的过程; WTP和STA之间的加密通信过程通过使用WPI进行。

    Security access control method and system for wired local area network
    7.
    发明授权
    Security access control method and system for wired local area network 有权
    有线局域网的安全访问控制方法和系统

    公开(公告)号:US08689283B2

    公开(公告)日:2014-04-01

    申请号:US13391051

    申请日:2009-12-23

    IPC分类号: H04L29/06

    摘要: The present invention relates to a security access control method and system for wired local area network, the method includes the following steps: 1) a requester (REQ) negotiates the security policy with an authentication access controller (AAC); 2) the requester (REQ) and the authentication access controller (AAC) authenticate the identity; 3) the requester (REQ) negotiates the key with the authentication access controller (AAC). The direct identity authentication between the user and the network access control device is realized by the present invention; the negotiation and the dynamic update of the session key for the link layer data protection are realized; a variety of network architectures such as the enterprise network, the telecommunication network are supported; the scalability is good, the multiple authentication methods are supported; the authentication protocols with different security levels are supported, the requirements of the various subscribers are satisfied; the sub-modules of the protocol are independent, flexible, and easy to be accepted or rejected.

    摘要翻译: 本发明涉及有线局域网的安全访问控制方法和系统,该方法包括以下步骤:1)请求者(REQ)与认证接入控制器(AAC)协商安全策略; 2)请求者(REQ)和认证访问控制器(AAC)认证身份; 3)请求者(REQ)与认证接入控制器(AAC)协商密钥。 用户和网络访问控制设备之间的直接身份认证是通过本发明实现的; 实现了链路层数据保护的会话密钥的协商和动态更新; 支持企业网络,电信网络等各种网络架构; 可扩展性好,支持多种认证方式; 支持不同安全级别的认证协议,满足各种用户的要求; 协议的子模块是独立的,灵活的,易于被接受或拒绝。

    KEY MANAGEMENT AND NODE AUTHENTICATION METHOD FOR SENSOR NETWORK
    8.
    发明申请
    KEY MANAGEMENT AND NODE AUTHENTICATION METHOD FOR SENSOR NETWORK 有权
    传感器网络的主要管理和节点验证方法

    公开(公告)号:US20120300939A1

    公开(公告)日:2012-11-29

    申请号:US13503171

    申请日:2010-06-02

    IPC分类号: H04L9/08

    摘要: A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other. It is possible for effectively resisting attacks such as wiretapping, tampering, and replaying and the like for the network communication, realizing the secret communication between the nodes, effectively saving resources of the nodes of the sensor network, and prolonging the service lift of the sensor network in the method.

    摘要翻译: 公开了一种用于传感器网络的密钥管理和节点认证方法。 该方法包括以下步骤:1)密钥预分发:在部署网络之前,通过部署服务器将节点之间建立安全连接的通信密钥预分配给所有节点。 2)密钥建立:部署网络后,在节点之间建立安全连接对,包括以下步骤:2.1建立共享密钥:在共享密钥的邻居节点之间建立配对密钥 存在; 2.2)路径密钥建立:在没有共享密钥的节点之间建立配对密钥,但存在多跳安全连接。 3)节点身份(ID)认证:在节点之间正式通信之前,身份被认证,以确定其他身份的合法性和有效性。 有效抵御网络通信窃听,篡改,重放等攻击,实现节点之间的秘密通信,有效节省传感器网络节点的资源,延长传感器的业务提升 网络中的方法。

    Key management and node authentication method for sensor network
    9.
    发明授权
    Key management and node authentication method for sensor network 有权
    传感器网络的密钥管理和节点认证方法

    公开(公告)号:US08913751B2

    公开(公告)日:2014-12-16

    申请号:US13503171

    申请日:2010-06-02

    摘要: A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other. It is possible for effectively resisting attacks such as wiretapping, tampering, and replaying and the like for the network communication, realizing the secret communication between the nodes, effectively saving resources of the nodes of the sensor network, and prolonging the service lift of the sensor network in the method.

    摘要翻译: 公开了一种用于传感器网络的密钥管理和节点认证方法。 该方法包括以下步骤:1)密钥预分发:在部署网络之前,通过部署服务器将节点之间建立安全连接的通信密钥预分配给所有节点。 2)密钥建立:部署网络后,在节点之间建立安全连接对,包括以下步骤:2.1建立共享密钥:在共享密钥的邻居节点之间建立配对密钥 存在; 2.2)路径密钥建立:在没有共享密钥的节点之间建立配对密钥,但存在多跳安全连接。 3)节点身份(ID)认证:在节点之间正式通信之前,身份被认证,以确定其他身份的合法性和有效性。 有效抵御网络通信窃听,篡改,重放等攻击,实现节点之间的秘密通信,有效节省传感器网络节点的资源,延长传感器的业务提升 网络中的方法。

    Method for realizing convergent WAPI network architecture with split MAC mode
    10.
    发明授权
    Method for realizing convergent WAPI network architecture with split MAC mode 有权
    用分割MAC模式实现融合WAPI网络架构的方法

    公开(公告)号:US08855018B2

    公开(公告)日:2014-10-07

    申请号:US13203643

    申请日:2009-12-14

    CPC分类号: H04W12/06 H04W12/04 H04W84/12

    摘要: A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by a wireless terminal point is constructed through separating the MAC function and the WAPI function of the wireless access point apart to the wireless terminal point and an access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the wireless terminal point realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station by using WPI.

    摘要翻译: 用于实现具有分离式媒体接入控制(MAC)模式的融合无线局域网(WLAN)认证和隐私基础设施(WAPI)网络架构的方法包括以下步骤:用于通过以下方式实现WLAN隐私基础设施(WPI)的分割MAC模式 无线终端通过将无线接入点的MAC功能和WAPI功能分离到无线终端点和接入控制器来构建; 在无线终端实现WPI的分割MAC模式下实现WAPI和融合WLAN网络系统架构的集成; 在站点,无线终端点和访问控制器之间执行关联连接处理; 执行在接入控制器和无线终端点之间通知执行WLAN认证基础设施(WAI)协议的开始的过程; 执行在站点和访问控制器之间执行WAI协议的过程; 执行用于在接入控制器和无线终端点之间通知执行WAI协议的结束的过程; 通过使用WPI在无线终端点和站之间执行秘密通信处理。